Overview
Explore the security and usability of gesture-based authentication for smartphones in this IEEE conference talk. Delve into the challenges of evaluating and enhancing gesture password security, including the limitations of current data sets and imprecise matching methods. Learn about a large-scale study involving crowd workers that led to the development of a security assessment framework capable of calculating partial guessing entropy estimates and generating effective cracking dictionaries. Discover novel blacklist and lexical policies designed to improve gesture password entropy and their validation through an additional crowd-sourced study. Gain insights into gesture discretization, n-gram Markov models, and online dictionary attacks using Dynamic Time Warping (DTW). Understand the trade-offs between usability and security in gesture authentication, and explore potential solutions for creating more secure and user-friendly smartphone authentication methods.
Syllabus
Intro
Smartphone Passwords
Pattern Password
Biometric Password
Problems with Gestures
Study Design
Security Metrics: Gesture Discretization
Security Metrics: n-gram Markov Models
Objectives - revisited
Gesture Password Policies
Policy Study: Usability Results
Security Metrics: n-gram Markov Models
Online Dictionary Attack DTW
Conclusion
Taught by
IEEE Symposium on Security and Privacy